Configuring security settings

This topic provides basic suggestions for configuring generic antivirus and intrusion prevention client software on systems that make up a BMC Cloud Lifecycle Management environment. It includes the following subsections:

Antivirus and intrusion prevention clients focus on the assessment and prevention of malicious attacks against the systems they protect. This assessment scrutinizes any files, connectivity, or behavior that the software determines are a potential risk, including unrecognized materials or an attempt to control other systems.

Automation by nature requires access to and control of other systems, as well as the use of various utilities and installers that could be mistakenly classified as a threat, so conflicts between intrusion prevention and automation efforts are not unusual. Because each environment and antivirus software combination can produce unique results, supplying a detailed list of configuration settings that will meet all customer requirements is not possible. However, the settings listed below can be used as a baseline for initial settings that should minimize disruption of BMC Cloud Lifecycle Management services. If a full hardening exercise is desired or required to fully lock down BMC Cloud Lifecycle Management services using third-party products without disrupting services, a full environment assessment is required, along with time to test and monitor specific third-party features and functions with BMC Cloud Lifecycle Management systems.

Directories to exclude

This section lists the basic directories that should be excluded from antivirus and intrusion prevention scans. The intent is to keep BMC Cloud Lifecycle Management (CLM) files and directories from being quarantined, blocked, or deleted by antivirus or intrusion detection services. Some of these systems may not apply to your specific environment, depending on the BMC build and services that have been implemented. If the installations did not use the default installation directories, replace the paths below with the paths that were used.

Core systems

System

Directories to exclude

BMC Server Automation servers

C:\Program Files\BMC Software\
C:\Windows\rsc\

BMC Server Automation file servers

C:\Program Files\BMC Software\
C:\Windows\rsc\
<path to fileserver storage>/storage/

BMC Cloud Lifecycle Management cloud platform manager

C:\Program Files\BMC Software\

BMC Remedy AR System enterprise servers and web servers

C:\Program Files\BMC Software\

BMC Cloud Lifecycle Management cloud database server

C:\Program Files\BMC Software\

BMC Atrium Orchestrator servers

C:\Program Files\BMC Software\

BMC Network Automation

C:\Program Files\BMC Software\
C:\BCA-Networks-Data\

Supplemental systems

System

Directories to exclude

BMC Server Automation PXE servers

C:\Program Files\BMC Software\
C:\Windows\rsc\

BMC Server Automation repeaters

C:\Program Files\BMC Software\
C:\Windows\rsc\

BMC Server Automation 

C:\Program Files\BMC Software\
C:\Windows\rsc\

Target systems

System

Directories to exclude

Target VMware vCenter servers

C:\Program Files\BMC Software\
C:\Windows\rsc\
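
An added PowerShell example, not part of BMC's documentation: before adding the directories above to a scan exclusion list, confirm that each one exists on the host (a missing path usually means a non-default install location) and is not writable by broad groups, since excluded locations are not scanned. The role labels and function names are hypothetical; the paths are this page's defaults.

```powershell
# Added example: audit the exclusion directories this page lists before trusting them.
# Role labels are hypothetical; the paths are the defaults from the tables above.
$RoleDirs = @{
    'ServerAutomation'  = @('C:\Program Files\BMC Software\', 'C:\Windows\rsc\')
    'NetworkAutomation' = @('C:\Program Files\BMC Software\', 'C:\BCA-Networks-Data\')
    'PlatformManager'   = @('C:\Program Files\BMC Software\')
}

# Well-known SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users.
$BroadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')

# WriteData | AppendData, plus the raw GENERIC_WRITE and GENERIC_ALL bits that
# inherit-only entries can carry.
$WriteMask = 0x50000006

function Test-ExclusionDirectory {
    param([Parameter(Mandatory)][string]$Path)

    $exists  = Test-Path -LiteralPath $Path -PathType Container
    $writers = @()
    if ($exists) {
        # Ask for rules with SID identities so the check does not depend on locale.
        $sidType = [System.Security.Principal.SecurityIdentifier]
        $rules   = (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType)
        foreach ($rule in $rules) {
            $isAllow  = $rule.AccessControlType -eq 'Allow'
            $isBroad  = $BroadSids -contains $rule.IdentityReference.Value
            $canWrite = ([int]$rule.FileSystemRights -band $WriteMask) -ne 0
            if ($isAllow -and $isBroad -and $canWrite) {
                $writers += $rule.IdentityReference.Value
            }
        }
    }
    [pscustomobject]@{
        Path         = $Path
        Exists       = $exists   # False: non-default install path, or wrong role
        BroadWriters = ($writers | Sort-Object -Unique) -join ','
    }
}

function Get-ExclusionAudit {
    param([Parameter(Mandatory)][string]$Role)
    if (-not $RoleDirs.ContainsKey($Role)) { throw "Unknown role '$Role'" }
    $RoleDirs[$Role] | ForEach-Object { Test-ExclusionDirectory -Path $_ }
}

Get-ExclusionAudit -Role 'ServerAutomation' | Format-Table -AutoSize
```

A row with `Exists` set to False should be replaced with the actual install path, and a non-empty `BroadWriters` column means the directory's ACL should be tightened before the exclusion is applied.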

Services

BMC recommends that you configure security software not to run real-time scans against the following trusted services that run as part of BMC Cloud Lifecycle Management.

Products

Services

BMC AR System Server - Cloud Portal and Database

Apache Tomcat Tomcat6
AR System Portmapper
BMC Atrium Impact Simulator
BMC Remedy Action Request System Server<hostname>
BMC Remedy Email Engine<hostname>
BMC Remedy Flashboards Server<hostname>

BMC Atrium Web Registry

Apache Tomcat atriumTomcat6

BMC Remedy AR Mid-Tier

Apache Tomcat Tomcat6

BMC Server Automation

BladeLogic Application Server
BladeLogic Process Spawner
BMC BladeLogic RSCD Service

BMC Atrium Orchestrator

BMC Atrium Orchestrator Access Manager and Repository
BMC Atrium Orchestrator Configuration Distribution Peer

BMC Network Automation

BCA-Networks TFTP Server
BCA-Networks Web Server

Platform Manager

BMC CSM

PXE Server

BladeLogic PXE Server
BladeLogic TFTP Server

BMC Network Device Agent

BCA-Networks Agent

BBSA repeaters

BMC BladeLogic Advanced Repeater Service
BMC BladeLogic RSCD Service

VCenter Server(s)

BMC BladeLogic RSCD Service

Ports

As part of your BMC Cloud Lifecycle Management implementation, the applications require different ports for authentication, communication, etc. See Port mappings for more information. If the default ports were modified as part of your installation or if additional systems were added for HA/DR considerations, take those ports into account.

Security information for component products

For security information for component products, see the following topics in the component products' documentation spaces:
